lazarus group (7)

Google’s threat hunting unit has again intercepted an active North Korean APT actor sliding into the DMs of security researchers and using zero-days and rigged software tools to take control of their computers.  Google’s Threat Analysis Group (TAG) recently reported the government-backed hacking team’s social media accounts and warned that at least one actively exploited zero-day is being used and is currently unpatched.[1]

See:  https://redskyalliance.org/xindustry/no-good-deed-goes-unpunished

A malicious campaign mounted by the North Korea-linked Lazarus Group targets energy providers worldwide, including those based in the United States, Canada, and Japan.

The campaign is meant to infiltrate organizations worldwide to establish long-term access and subsequently exfiltrate data of interest to the adversary's nation-state, according to investigators.  Some elements of the espionage attacks have already been reported in the media.

See:  https://redskyalliance.org/xindustry/lazarus-grou

The US Department of Treasury placed sanctions on 08 August 2022 regarding Tornado Cash, a leading "crypto mixer" for transactions in virtual currency that US officials describe as a hub for laundering stolen funds, including by North Korean hackers.  The Treasury Department reported Tornado Cash had been used to transfer at least $96 million of funds stolen in June from crypto exchange service Harmony Bridge and another $7.8 million of the nearly $200 million in cryptocurrency hacked from Noma

A cyberespionage campaign aimed at aerospace and defense sectors to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought.  Employment ads and job postings have been the recent bait for unsuspecting victims.

The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involve

Cyber threat researchers have examined security incidents over the past several years that appear to connect North Korea's Lazarus Group with Russian-speaking attackers.  A recent analysis has examined reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.

In a summary of his findings, Mark Arena, CEO of security firm Intel 471, holds two generally accepted assumptions: that Lazarus Group is tied to

Activity Summary - Week Ending 31 July 2020:

  • Red Sky Alliance observed 41 unique email accounts compromised with Keyloggers
  • Analysts identified 43,115 connections from new unique IP addresses
  • 1,518 new IP addresses were discovered participating in Various Botnets
  • Taidoor remote access Trojan
  • Lazarus Attacks with Ransomware Worms
  • Baker Hughes still has Cyber issues
  • Hezbollah remains in the Top 5 Cyber Threat Actors
  • Oil moving Renewable & Green
  • Egypt and Greece signed a maritime agreement; Turkey

According to a recent article from ThreatPost, the North Korea-linked APT known as Lazarus Group, also known by names such as the Guardians of Peace, Whois Team, Hidden Cobra and Zinc, has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux, and macOS operating systems.  Cyber threat investigators at Kaspersky have uncovered a series of attacks utilizing MATA (so-called because the malware authors themselves call their infrastructure MataNet), involving the